Appl. No. 09/976,516

Amendment dated April 26, 2005 

Reply to Office Action of January 26, 2005 



Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

CLAIMS 

1. (Currently amended) A method for providing node security in a router of a packet network, 
comprising the steps of: 

monitoring a data packet sent from an originator via the router and addressed to a 
destination device other than the router; 

determining in the router whether the data packet is potentially harmful to the destination
device;

interrupting transmission of the data packet in response to determining that the data 
packet is potentially harmful to the destination device, the interrupting further comprising the 
step of communicating with a second router to cause the second router to interrupt transmission 
of a future data packet; and 

transmitting the data packet in response to determining that the data packet is not 
potentially harmful to the destination device. 

2. (Original) The method of claim 1, wherein the interrupting step comprises the step of
discarding a later data packet from the originator. 



3. (Original) The method of claim 1, wherein the interrupting step comprises the step of sending 
a command to an upstream router to intercept future data packets from the originator. 

4. (Original) The method of claim 1, wherein the interrupting step comprises the step of 
forwarding an agent to an upstream router, the agent arranged to intercept future data packets 
from the originator. 

5. (Original) The method of claim 1, wherein the determining step comprises the step of checking
for a potential presence of at least one of a worm, a virus, and a Trojan horse. 

6. (Original) The method of claim 1, wherein the monitoring step comprises at least one of the 
steps of: 

random sampling of a subset of data packets; 
monitoring data packets having a predetermined source address; 
monitoring data packets having a predetermined destination address; and 
monitoring data packets having a predetermined combination of source and destination 
address. 

7. (Original) The method of claim 1, wherein the determining step comprises the steps of:

determining that a first data packet is suspicious; and 

in response to determining that the first data packet is suspicious, deciding to monitor 
future data packets having at least one of a source address and a destination address matching, 
respectively, the source address and the destination address of the first data packet.

8. (Original) The method of claim 1, wherein the interrupting step comprises the step of 
collaborating with an upstream router to cause the upstream router to update its capabilities to 
detect a potentially harmful data packet. 

9. (Original) The method of claim 1, wherein the interrupting step comprises the step of
collaborating with an upstream router that is not a neighbor of the router to have the upstream 
router block transmissions from the originator. 

10. (Original) The method of claim of 9, wherein the interrupting step further comprises the step 
of identifying the upstream router by sending a command to the originator, the command 
requesting address information from participating routers.

11. (Original) A router for providing node security in a packet network, comprising:

a plurality of I/O ports for accepting a data packet sent from an originator via the router
and addressed to a destination device other than the router, and for transmitting the data packet to
the destination device; and

a processor coupled to the plurality of I/O ports for processing the data packet; 

wherein the processor is programmed to: 
monitor the data packet; 

determine whether the data packet is potentially harmful to the destination device; 

interrupt transmission of the data packet in response to determining that the data packet is 
potentially harmful to the destination device, including communicating with a second router to 
cause the second router to interrupt transmission of a future data packet; and 

transmit the data packet in response to determining that the data packet is not potentially 
harmful to the destination device. 

12. (Original) The router of claim 11, wherein, in response to interrupting the data packet, the 
processor is further programmed to discard a later data packet from the originator. 

13. (Original) The router of claim 11, wherein, in response to interrupting the data packet, the 
processor is further programmed to send a command to an upstream router to intercept future 
data packets from the originator. 

14. (Original) The router of claim 11, wherein, in response to interrupting the data packet, the
processor is further programmed to forward an agent to an upstream router, the agent arranged to 
intercept future data packets from the originator. 

15. (Original) The router of claim 11, wherein the processor is further programmed to check for
a potential presence of at least one of a worm, a virus, and a Trojan horse. 

16. (Original) The router of claim 11, wherein the processor is further programmed to at least
one of: 

random sample a subset of data packets; 
monitor data packets having a predetermined source address; 
monitor data packets having a predetermined destination address; and 
monitor data packets having a predetermined combination of source and destination 
address. 

17. (Original) The router of claim 11, wherein the processor is further programmed,
in response to determining that a first data packet is suspicious, to decide to monitor future data
packets having at least one of a source address and a destination address matching, respectively, 
the source address and the destination address of the first data packet. 

18. (Original) The router of claim 11, wherein the processor is further programmed to
collaborate with an upstream router to cause the upstream router to update its capabilities to 
detect a potentially harmful data packet. 

19. (Original) The router of claim 11, wherein the processor is further programmed to collaborate 
with an upstream router that is not a neighbor of the router to have the upstream router block 
transmissions from the originator. 

20. (Original) The router of claim of 19, wherein the processor is further programmed to identify
the upstream router by sending a command to the originator, the command requesting address 
information from participating routers. 

************ 